When it comes to protecting the public, the high cost of hoarding data has grown painfully clear. "In the wake of Sept. 11, we discovered that information on the hijackers' activities was available through a variety of databases at the federal, state and local government levels as well as within the private sector," said President Bush in a report on homeland security initiatives in his 2003 budget. Brought together, those scattered facts might have produced enough useful information to prevent a tragedy.
Today, there are widespread calls to weave a net of data tight enough to catch terrorists before they strike. A system combining records from the Immigration and Naturalization Service and state departments of motor vehicles, for instance, could raise an alarm when someone holding an expired visa applies for a license to transport hazardous materials. With this in mind, the president's budget proposes a program to help federal, state, local and relevant private-sector organizations share data in the name of homeland security.
Banks Do It
Technology to bring together data from disparate computer systems already exists. Steve Cooperman, director of the homeland security solutions group at Oracle Corp., pointed to the way financial institutions routinely and securely share data. "You can use any credit card anywhere in the world, and it all works," he said.
The desire is strong and the technology is ready, but agencies still have much to do before they can seamlessly share information on suspected terrorist activities. For one thing, they need to agree on an architecture.
One common approach is to collect data from disparate sources in a data warehouse. In Los Angeles County, a warehouse developed by Oracle merges data from multiple agencies, including the county court systems, two sheriff's department systems, the juvenile justice system, the state's DMV and Department of Justice systems and county, state and FBI warrant systems. In the past, a judge or arresting officer had to search these databases individually to find information on a suspect.
"We used to take 45 to 90 minutes to identify someone. Now it takes two and a half seconds," Cooperman said. "And what used to be 20 percent accuracy in identification is now 98 percent."
A second approach is to develop interfaces between systems that belong to different agencies, so an application running on one can employ data stored in another. Fairfax, Va.-based webMethods offers software to accomplish this, using standards such as XML and EDI to move data between systems.
WebMethods is talking with one potential partner about a homeland security application that will allow DMV systems to tap information about foreign students, said Al Fox, the company's director of public sector operations. "WebMethods would be the glue to pull the information back and forth," he said.
The webMethods software can also provide a conduit for moving data from several applications into a central data warehouse, said Ivy Eckerman, a company spokeswoman.
The Clearinghouse Option
Pennsylvania's integrated law enforcement system, Justice Network (JNET), follows yet another method. JNET's stakeholders didn't want to alter their legacy systems, or write interfaces among them, in order to share information, said Linda Rosenberg, executive director of JNET. "So many systems had failed in the past because agencies had to conform to some type of standard, and they built a data warehouse," which proved very expensive, she said.
A Web-based system, JNET serves as a central clearinghouse and translator for data residing with the state's law enforcement and justice agencies. County and local agencies contribute by uploading data to the state agencies' systems.
Users query JNET through a common, browser-based interface. A user who makes a query, such as entering the name of a suspect, receives relevant information from all participating databases. The system also notifies other agencies when events of interest occur anywhere in the criminal justice system. If a parolee is arrested, for example, JNET automatically alerts the parole board. This notification function is probably the aspect of JNET that would translate most powerfully to a federal homeland security system, Rosenberg said.
Pennsylvania started its JNET program under the administration of former Gov. Tom Ridge, now director of the federal Office of Homeland Security. The system has been noted as a possible model for a national anti-terrorist information network.
Jon and Jonathan
Besides bringing together content from separate databases, developers of homeland security systems need to ensure that the integrated data yields solid information. Software developed by Boston-based Vality Technology extracts similar data stored in different formats and determines whether it refers to the same information. Using "probabilistic matching" and other techniques, it determines, for example, if the 24-year old cashier listed as "Jon Smith" on "Main Street" in one computer system and "Smith, Jonathan William" on "Route 12" in a second is also the "J. W. Smith" on "Main St." who applied for unemployment insurance.
Today, states use the technology to identify tax violators when they compare information on tax forms with data found in sources such as DMV and property tax databases, said David Wilson, Vality's director of product management. "It's not that far a leap from that to the next step of bouncing up against some of these government suspect lists" in a homeland security application, he said.
The Chicago Police Department (CPD) is starting to apply "predictive analysis" to integrated data to help estimate where crimes will occur in the future -- a tactic that could be used to forestall terrorists as well. The department's Citizen and Law Enforcement Analysis and Reporting (CLEAR) system integrates data from the department and other law enforcement agencies in a data warehouse created by Oracle. Some of this data is captured in real time by 911 dispatchers, by detectives managing their cases online and, in the near future, by officers entering reports into wireless laptops.
"Much as a weatherman predicts what the weather will be like by taking certain real-time variables into consideration," the system, when complete, will analyze the patterns of incidents reported in real time to predict where crime is likely to occur next, said Ron Huberman, CPD's chief information officer. The department will use these predictions to assign officers to spots where trouble is expected, he said.
Security, Privacy Concerns
Obviously, anyone planning to merge data from disparate systems in the name of homeland security also needs to worry about another kind of security -- that of the data itself. "A lot of interoperability issues come right down to policy. But these policies haven't been implemented because people haven't had the confidence that they can keep their assets secure while sharing only those elements of the data that are necessary," Oracle's Cooperman observed.
The systems vendors are marketing homeland security products that rely on encryption, firewalls and other well-established techniques to ensure that information goes only to authorized recipients.
Government agencies developing integrated homeland security systems also face legal obstacles. "We see a lot of issues with privacy concerns, and also issues that laws have to be enacted before data is shared, or there's even an agreement to ship information between some local law enforcement agency and components of the federal government," Fox said.
"Obviously, from what we've seen with 9-11 and related concerns about the future security of the country, the benefits of sharing this information and being able to integrate it are very compelling. In fact, in some instances this provides the only economically feasible mechanism for combating terrorism," observed Stephen Brown, vice president of product strategy at Vality. "The country faces some interesting conundrums between overcoming historical boundaries to information integration and the mandate to do so as quickly as possible."